
8 matches found

CNNVD
added 2026/05/15 12:0 a.m., 9 views

Open WebUI Authorization Issue Vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under the open source Open WebUI project. Versions of Open WebUI prior to 0.8.11 had an authorization issue vulnerability. This vulnerability stemmed from the internal bypassfilter parameter being exposed through FastA...

CVSS 5.4, AI score 5.8, EPSS 0.00193
Exploits: 1, References: 2
Github Security Blog
added 2026/05/14 8:26 p.m., 13 views

Open WebUI: Sharing models for others to use (read permission) also exposes model details (system prompt leakage)

Summary: When setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may consider their system prompt confidential, so we consider this a security issue. Compare...

CVSS 4.3, AI score 5.8, EPSS 0.0022
Exploits: 1, References: 4, Affected Software: 1
Github Security Blog
added 2026/04/08 3:4 p.m., 5 views

LobeHub: Unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header

Summary: The webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected...

CVSS 7.1, AI score 6.2, EPSS 0.00126
Exploits: 0, References: 6, Affected Software: 1
Vulnrichment
added 2026/04/03 3:25 p.m., 3 views

CVE-2025-68152 Juju: Read All Controller Logs From Compromised Workload

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju...

CVSS 6.9, AI score 5.8, EPSS 0.00362
Exploits: 0, References: 3
Snyk
added 2026/03/02 9:54 p.m., 4 views

Incorrect Authorization

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Incorrect Authorization in the stop triggers and /models command. An attacker can disrupt active sessions and access sensitive model or authentication metadata by sending unauthorized...

CVSS 6.9, AI score 6
Exploits: 0, References: 2
RedhatCVE
added 2025/05/22 12:53 p.m., 12 views

CVE-2018-13885

A possible memory overread may lead to access of sensitive data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9650, MDM9655, QCS605, Qualcomm 215, SD...

CVSS 5.5, AI score 6.9, EPSS 0.00204
Exploits: 0, References: 1
OSV
added 2024/03/06 10:56 a.m., 17 views

BIT-MLFLOW-2023-6975 Path Traversal: '\..\filename'

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information...

CVSS 9.8, AI score 9.6, EPSS 0.02013
Exploits: 1, References: 3
OSV
added 2023/12/20 6:30 a.m., 3 views

GHSA-HH8P-P8MP-GQHM MLFlow Path Traversal Vulnerability

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information...

CVSS 9.8, AI score 6.1, EPSS 0.02013
Exploits: 1, References: 4